Loading CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,10 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent Bleichenbacher's DSA attack. [Ulf Moeller] *) Update Rijndael code to version 3.0 and change EVP AES ciphers to handle the new API. Currently only ECB, CBC modes supported. Add new AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites Loading crypto/bn/bn.h +1 −0 Original line number Diff line number Diff line Loading @@ -329,6 +329,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG); BIGNUM *BN_new(void); Loading crypto/bn/bn_rand.c +11 −0 Original line number Diff line number Diff line Loading @@ -168,3 +168,14 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) return bnrand(2, rnd, bits, top, bottom); } #endif /* random number r: min <= r < max */ int BN_rand_range(BIGNUM *r, BIGNUM *min, BIGNUM *max) { int n = BN_num_bits(max); do { if (!BN_rand(r, n, 0, 0)) return 0; } while ((min && BN_cmp(r, min) < 0) || BN_cmp(r, max) >= 0); return 1; } crypto/dsa/dsa_ossl.c +1 −7 Original line number Diff line number Diff line Loading @@ -180,13 +180,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) kinv=NULL; /* Get random k */ for (;;) { if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err; if (BN_cmp(&k,dsa->q) >= 0) BN_sub(&k,&k,dsa->q); if (!BN_is_zero(&k)) break; } if (!BN_rand_range(&k, BN_value_one(), dsa->q)) goto err; if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) { Loading doc/crypto/BN_rand.pod +10 −3 Original line number Diff line number Diff line Loading 
@@ -12,6 +12,8 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max); =head1 DESCRIPTION BN_rand() generates a cryptographically strong pseudo-random number of Loading @@ -25,11 +27,15 @@ this function are not necessarily unpredictable. They can be used for non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc. The PRNG must be seeded prior to calling BN_rand(). BN_rand_range() generates a cryptographically strong pseudo-random number B<rnd> in the range B<min> E<lt>= B<rnd> E<lt> B<max>. B<min> may be NULL, in that case 0 E<lt>= B<rnd> E<lt> B<max>. The PRNG must be seeded prior to calling BN_rand() or BN_rand_range(). =head1 RETURN VALUES BN_rand() and BN_pseudo_rand() return 1 on success, 0 on error. The functions return 1 on success, 0 on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 SEE ALSO Loading @@ -40,6 +46,7 @@ L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> =head1 HISTORY BN_rand() is available in all versions of SSLeay and OpenSSL. BN_pseudo_rand() was added in OpenSSL 0.9.5. BN_pseudo_rand() was added in OpenSSL 0.9.5, and BN_rand_range() in OpenSSL 0.9.6a. =cut Loading
CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,10 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent Bleichenbacher's DSA attack. [Ulf Moeller] *) Update Rijndael code to version 3.0 and change EVP AES ciphers to handle the new API. Currently only ECB, CBC modes supported. Add new AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites Loading
crypto/bn/bn.h +1 −0 Original line number Diff line number Diff line Loading @@ -329,6 +329,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG); BIGNUM *BN_new(void); Loading
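Review bot: The new prototype takes `BIGNUM *min, BIGNUM *max` although BN_rand_range() only reads through them (BN_num_bits and BN_cmp, both of which already accept const pointers in this header). Declaring them `const BIGNUM *min, const BIGNUM *max` in bn.h and bn_rand.c documents that the bounds are not modified and lets callers pass const values such as a key's q without a cast.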
crypto/bn/bn_rand.c +11 −0 Original line number Diff line number Diff line Loading @@ -168,3 +168,14 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) return bnrand(2, rnd, bits, top, bottom); } #endif /* random number r: min <= r < max */ int BN_rand_range(BIGNUM *r, BIGNUM *min, BIGNUM *max) { int n = BN_num_bits(max); do { if (!BN_rand(r, n, 0, 0)) return 0; } while ((min && BN_cmp(r, min) < 0) || BN_cmp(r, max) >= 0); return 1; }
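Review bot: BN_rand(r, n, 0, 0) asks for the top bit of the n-bit result to be set, so r is always at least 2^(n-1) and the values in [min, 2^(n-1)) are never produced, contradicting the comment `/* random number r:  min <= r < max */`; for the DSA caller in crypto/dsa/dsa_ossl.c this means k is drawn from [2^(n-1), q) rather than uniformly from [1, q), which is exactly the kind of bias in k that the CHANGES entry says this commit is meant to remove. The inner call should leave the top bit free, `if (!BN_rand(r, n, -1, 0)) return 0;`, assuming this tree's BN_rand accepts top = -1 as the "top bit may be zero" mode; if it does not, the bit has to be cleared after the call instead. With the top bit forced the rejection loop can also run for a very long time when max is only slightly above 2^(n-1), whereas with an unconstrained top bit at least half of all candidates fall below max. It would also be worth stating the precondition in the comment, e.g. `/* requires max > 0 and (min == NULL || min < max); otherwise the loop does not terminate */`, since neither is checked.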
crypto/dsa/dsa_ossl.c +1 −7 Original line number Diff line number Diff line Loading @@ -180,13 +180,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) kinv=NULL; /* Get random k */ for (;;) { if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err; if (BN_cmp(&k,dsa->q) >= 0) BN_sub(&k,&k,dsa->q); if (!BN_is_zero(&k)) break; } if (!BN_rand_range(&k, BN_value_one(), dsa->q)) goto err; if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) { Loading
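Review bot: The surviving comment `/* Get random k */` no longer explains why the old clamp-and-retry loop was replaced, and the security property the new call is relied on for is not written down anywhere in this function; a reader could later "simplify" it back to a reduction modulo q. Suggest `/* Get random k, 1 <= k < q.  k must be uniform in this range; a biased k (e.g. from reducing mod q) leaks the private key (Bleichenbacher). */`. dsa_sign_setup() begins and ends outside this hunk, so the handling of k on the err path is not visible here.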
doc/crypto/BN_rand.pod +10 −3 Original line number Diff line number Diff line Loading @@ -12,6 +12,8 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max); =head1 DESCRIPTION BN_rand() generates a cryptographically strong pseudo-random number of Loading @@ -25,11 +27,15 @@ this function are not necessarily unpredictable. They can be used for non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc. The PRNG must be seeded prior to calling BN_rand(). BN_rand_range() generates a cryptographically strong pseudo-random number B<rnd> in the range B<min> E<lt>= B<rnd> E<lt> B<max>. B<min> may be NULL, in that case 0 E<lt>= B<rnd> E<lt> B<max>. The PRNG must be seeded prior to calling BN_rand() or BN_rand_range(). =head1 RETURN VALUES BN_rand() and BN_pseudo_rand() return 1 on success, 0 on error. The functions return 1 on success, 0 on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 SEE ALSO Loading @@ -40,6 +46,7 @@ L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> =head1 HISTORY BN_rand() is available in all versions of SSLeay and OpenSSL. BN_pseudo_rand() was added in OpenSSL 0.9.5. BN_pseudo_rand() was added in OpenSSL 0.9.5, and BN_rand_range() in OpenSSL 0.9.6a. =cut